Abstract

The fraud and abuse laws that govern conduct related to the federal health-care programs, such as Medicare and Medicaid, impose broad and complex limitations on billing practices and financial relationships among providers. Given the potential consequences of engaging in fraudulent behavior, it is crucial that physicians appreciate the types of activities that may run afoul of these laws. This article summarizes the major aspects of the fraud laws that are most likely to have a daily impact on physician practice: the Civil False Claims Act, the Medicare and Medicaid Anti-Kickback Statute, and the so-called Stark Law prohibition on physician self-referrals.

Physicians who accept payment from the federal health-care programs, most notably Medicare and Medicaid, face a bewildering array of requirements that grow more complex each year. Although rules governing the ability to participate in and obtain payment from these programs may receive the most attention, physicians must not overlook the equally complex and important rules that apply to health-care fraud. The consequences of engaging in fraudulent activities include denial of payment, exclusion from the federal health-care programs, collateral loss of state licensure and hospital staff privileges, hefty financial penalties, and even imprisonment. Many fraud prohibitions are clear, yet others encompass activities that might appear to be innocuous, cost-effective, or even beneficial. Given the potential repercussions, an appreciation of these restrictions, intuitive and otherwise, is crucial for physicians.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) brought major changes to fraud enforcement.1 In addition to defining new federal crimes, most notably federal Health-care Fraud, HIPAA directed more funds to the US Department of Health and Human Services (DHHS) and Department of Justice to combat health-care fraud. A key component of HIPAA was the creation of the Health Care Fraud and Abuse Control Program to coordinate federal, state, and local enforcement efforts. The centerpiece of the control program is the Health Care Fraud and Abuse Control Account, which funds inspections, investigations, and prosecutions, in part by using funds recovered through previous antifraud efforts.2

The Patient Protection and Affordable Care Act of 2010 (ACA) and the accompanying Health Care and Education Reconciliation Act of 2010 contain no shortage of antifraud provisions.3,4 These include not only increased budgets for fraud enforcement and amendments to the major fraud laws but also a variety of provisions allowing for better control over persons who submit bills to the federal health-care programs and more timely assessment of the claims they submit, in contrast to the current pay-and-chase model.5 Although civil fraud prosecutions have been prominent in recent years, the Obama Administration has also prioritized criminal prosecutions by establishing the Health Care Prevention and Enforcement Action Team (HEAT) in May 2009. Building on HIPAA’s cooperative interagency model, HEAT is a cabinet-level joint DHHS and Department of Justice initiative targeting major areas of health-care fraud risk by expanding the Medicare Strike Force model and using technology to analyze real-time electronic claims data for patterns that might indicate fraud.6,7

As Table 1 illustrates, these efforts have resulted in a significant number of enforcement actions and recoveries. Through the end of fiscal year 2012, the Control Account had returned > $23 billion to the Medicare trust funds since 1997.7 Although most investigations involve entities such as durable medical equipment suppliers, hospitals, and pharmaceutical manufacturers, individuals were the targets of an estimated 15.4% of criminal and 12.1% of civil investigations in 2010.8 Clearly, health-care fraud enforcement remains a very real threat for physicians.

From the US Department of Health and Human Services and Department of Justice.7

A variety of federal and state laws apply to health-care fraud. Some of these laws, such as the Medicare and Medicaid Anti-Kickback Statute,9 directly target improper health-care activities. Other laws, such as the Civil False Claims Act (FCA),10 apply more generally to those who do business with the federal government. Health-care fraud also may be prosecuted under traditional criminal laws, such as mail and wire fraud,11,12 as well as state fraud and consumer protection statutes. Of these myriad statutes, the ones most likely to have a daily impact on physician practice are the FCA, the Anti-Kickback Statute, and the Stark self-referral prohibitions.

Civil False Claims Act

The FCA was enacted in 1863 to address fraud schemes perpetrated on the Union Army during the Civil War. The statute prohibits a variety of activities, including not only the submission of false or fraudulent claims to the government but also the making or using of false records or statements material to a false or fraudulent claim, conspiracies, and so-called reverse false claims that understate an obligation to pay or repay the government.10 The basic false claims prohibition imposes liability on a defendant (1) who presents or causes to be presented a claim for payment or approval, (2) the claim is false or fraudulent, and (3) the acts are undertaken knowingly (which includes not only actual knowledge but also deliberate ignorance and reckless disregard of truth or falsity).13 For most physicians, the greatest risk of FCA liability lies in claims that are submitted to the Medicare and Medicaid programs.

Violations of the FCA are subject to civil penalties of $5,500 to $11,000 per claim plus three times the government’s damages.14,15 Because of the way physicians typically bill for their services, it does not take long for penalties to add up. Most physicians generate a bill for each set of services rendered to each patient, submitting thousands of small claims each year.16 If fraud occurs in small amounts, such as a few dollars per claim, treble damages are likely to be relatively small, whereas the per-claim penalties rise quickly. In United States υ Krizek,17 for example, a psychiatrist was accused of submitting 8,002 claims, each inflated by about $30, for damages totaling $245,000; seeking a penalty of $10,000 per claim, the government sued for $81 million. Combined with the threat of exclusion from federal health-care programs, the FCA is a key reason why health-care providers choose to settle fraud allegations rather than take their chances at trial. This general Civil War-era antifraud law has become a key component of the government’s modern war against health-care fraud.

A key reason the FCA is so effective is the law’s qui tam provision, which permits a private relator who sues on the government’s behalf to share in a portion of the proceeds.18 After amendments in 1986 modernized the act and made it more lucrative to pursue qui tam actions, the number of FCA suits has grown exponentially, particularly in health care. More than 60% of qui tam suits filed in 2012 alleged fraud in the federal health-care programs compared with roughly 10% in 1987.19 This powerful law can be invoked not only by federal prosecutors but also by competitors, employees, patients, and even other physicians, creating significant exposure for those who receive payment from the federal health-care programs.

Historically, health-care FCA cases have involved basic misrepresentations regarding services, for example, claims for services that were not provided or for more-expensive types of care than were delivered. In recent years, however, both federal prosecutors and qui tam relators have sued under circumstances in which claimed services were in fact provided but may have violated an underlying legal requirement (eg, a Medicare condition of participation or the antireferral laws described later in this article).20 Thus, the FCA has been used to enforce other health laws that do not in themselves provide private rights of action.

The FCA has undergone only a few key amendments in its history, two since the late 2000s. The Fraud Enforcement and Recovery Act of 2009 made several substantive changes to the FCA, including expanding the false records provision; redefining a claim to require only a broad relation to government payment; broadening the conspiracy prohibition; and, most importantly for physicians who participate in Medicare and Medicaid, expanding reverse false claims explicitly to include retaining an overpayment from the government.21 The health-care reform legislation, in turn, loosened the procedural rules governing who is eligible to bring a qui tam suit.22 The ACA also tied the FCA more closely to payments made in connection with the new health-care exchanges, clarifying that the knowing retention of an overpayment for > 60 days after identification will be subject to the reverse false claims prohibition.23 The clear effect is to extend the FCA prohibition to the increasing number of health-care payments that will be linked to the federal government. With an expansion of federal health-care funding under the ACA, such as through exchange-related insurance subsidies and the federal share of Medicaid expansion,24 the FCA will remain a strong incentive for physicians to take steps to ensure that their bills are accurate.

Medicare and Medicaid Anti-Kickback Statute

Although the FCA governs the submission of claims to the federal government, the Medicare and Medicaid Anti-Kickback Statute is the major federal law affecting financial relationships within the health-care market. The law prohibits offering, paying, soliciting, or receiving any remuneration to induce someone to refer patients or to purchase, order, or recommend any item or service that may be paid for under a federal health-care program.9 This broadly drawn criminal statute seeks to limit the influence of financial incentives on health-care referral and purchasing decisions. As the DHHS Office of Inspector General (OIG) has explained:

Kickbacks can distort medical decision-making, cause overutilization, increase costs and result in unfair competition...[and] adversely affect the quality of patient care by encouraging physicians to order services or recommend supplies based on profit rather than the patients’ best medical interests.25

The statute prohibits (1) the knowing and willful (2) offer or payment (or solicitation or receipt) (3) of any form of remuneration (4) to induce someone to refer patients to any facility or to purchase, lease, or order (5) any item or service for which payment may be made by a federal health-care program. Because the statute prohibits both offer and payment and solicitation and receipt, both parties to a transaction may be prosecuted. Remuneration is defined broadly to include payments made “directly or indirectly, overtly or covertly, in cash or in kind,”26 a definition that extends beyond simple kickbacks and bribes to reach the exchange of virtually anything of value, including relieving someone of an expense that otherwise might be incurred (eg, office rent). The statute applies to referrals made in connection with any of the federal health-care programs, although Medicare and Medicaid cases are most common. Although the statute does not require proof of financial harm to the government, the OIG has stated that “the more an arrangement involving remuneration offered to induce referrals increases...program costs or results in unnecessary utilization, the more likely...we would have an interest in prosecuting the offense.”27

The statute includes two provisions relevant to the defendant’s state of mind. The first asks whether the defendant paid or received remuneration knowingly and willfully. Although subject to debate over the years, the ACA clarified that defendants need not “have actual knowledge...or specific intent to commit a violation of” the statute.28 Thus, physicians may be liable if they generally were aware that their actions were wrongful, even if they had no knowledge that they violated the Anti-Kickback Statute specifically.

The second question is whether the remuneration was designed to induce the referral of patients or the purchase of items or services. The statute has been interpreted broadly to encompass situations in which even one purpose of the remuneration, rather than its sole or primary purpose, is to induce prohibited referrals.29 Recognizing that most health-care transactions involve at least some contemplation of business advantage, however, one court acknowledged that

a hospital or individual may lawfully enter into a business relationship with a doctor and even hope for or expect referrals from that doctor as long as the hospital is motivated to enter into the relationship for legal reasons entirely distinct from its collateral hope for referrals.30

Whether this formulation provides any meaningful guidance remains to be seen.

Violations of the law are punishable by criminal, civil, and administrative sanctions. Violation is a felony subject to up to 5 years imprisonment, a fine of up to $25,000, or both.31 Convicted defendants are subject to exclusion from all federal health-care programs, a potentially fatal blow for many providers.32 In the absence of a criminal conviction, the OIG may instead seek permissive exclusion of the provider.33 Although the defendant has a right to an attorney, to discovery, and to present evidence, permissive exclusion is imposed in an administrative hearing rather than in a full-fledged trial. The government also has the authority to impose a civil monetary penalty (CMP) in the amount of $50,000 for each violation plus three times the remuneration involved; as under the FCA, the per-violation penalties in many cases will dwarf the treble remuneration.34 Clarifying an issue that had been the subject of disagreement in the courts, the ACA amended the statute to make clear that “a claim that includes items or services resulting from a violation of this section constitutes a false or fraudulent claim for purposes of” the FCA, thus permitting a potential private right of action for kickbacks.35

The language of the Anti-Kickback Statute is extremely broad. Although the statute is very good at identifying all financial ties that might impermissibly influence referral decisions, it does not clearly distinguish problematic activities from ones that may be neutral or perhaps even salutary. Fortunately, the statute contains explicit exceptions for certain common transactions, including discounts, payments to employees, and payments made through managed care risk-sharing arrangements.36 Moreover, Congress directed the Secretary of DHHS to develop regulations exempting additional practices from the scope of the law, known as safe harbors.37 The safe harbors address a broad variety of common business arrangements, such as personal services contracts and the lease of office space and equipment, as well as specific health-care activities such as the sale of a medical practice.38

Each safe harbor requires the satisfaction of very specific criteria, generally including a signed written agreement; a minimum 1-year term; and compensation that is consistent with fair market value, set in advance, and not dependent on the business generated between the parties. These narrow requirements, however, may not protect many real-life business arrangements. Recent years have also seen a proliferation of additional forms of anti-kickback guidance, including advisory opinions that allow DHHS to opine about whether a proposed transaction would violate the statute or subject the requestor to CMPs or exclusion39 and special fraud alerts that identify suspect practices that may attract scrutiny.40 Because a violation of the statute can be proven only if there is sufficient evidence of prohibited intent, however, neither arrangements that fail to satisfy a safe harbor nor those that have been characterized as suspect are necessarily illegal. Due to the complexity of the law, physicians should consult qualified legal counsel before engaging in transactions that might implicate the Anti-Kickback Statute. In many cases, the best course of action may be to meet as many of the analogous safe harbor criteria as possible while documenting legitimate business reasons for any deviation.

Limitations on Physician Self-Referrals (Stark Law)

The Ethics in Patient Referrals Act of 1989 (often called the Stark Law for its sponsor, Representative Fortney “Pete” Stark), is a civil statute that prohibits the referral of Medicare and Medicaid patients to entities with which the referring physician has a financial relationship.41 Although both the Stark Law and the Anti-Kickback Statute are designed to limit the effect of financial incentives on health-care decision-making, Stark is a narrower and stricter prohibition that focuses on concerns that self-referral may lead to overuse of services.42,43 The original legislation, often called Stark I, took effect in January 1992 and applied only to referrals of Medicare patients for clinical laboratory services.44 Congress later extended the prohibition (Stark II) to Medicaid patients and expanded it to 10 additional categories of designated health services, including inpatient and outpatient hospital services, outpatient prescription drugs, and home health services.45

The Stark Law takes a different approach than the Anti-Kickback Statute, which requires case-by-case analysis of whether the defendant has improper intent. Instead, Stark bans all patient referrals if a prohibited financial relationship exists, subject to numerous narrow exceptions. In general, the law prohibits referrals of patients for designated health services if the referring physician or an immediate family member has a financial relationship with the entity that provides those services (whether through ownership, investment, or compensation) and prohibits the receiving entity from billing for such services.46 With no intent requirement, the law is in essence a strict liability prohibition that applies to a wide range of financial relationships. Prohibited compensation arrangements involve remuneration broadly defined, including payments made directly, indirectly, overtly, covertly, in cash, and in kind; prohibited ownership and investment interests include those held in equity, in debt, or by any other means.46

Unlike the Anti-Kickback Statute, the Stark Law is not a criminal statute and is not punishable by imprisonment. For physicians, however, the consequences may be nearly as dire. Because the statute prohibits payment for services furnished pursuant to prohibited referrals, claims for such services will be denied and any payments must be refunded; the knowing submission of a bill for prohibited services is subject to a CMP of up to $15,000 for each service and $100,000 for each arrangement or scheme to violate the statute, as well as potential exclusion from the federal health-care programs.47 As under the Anti-Kickback Statute, courts have held that a claim that violates the Stark Law may be actionable under the FCA.48 Indeed, the majority of Stark Law allegations thus far have been brought as private qui tam suits rather than through direct enforcement by DHHS. Clarifying a gap in prior enforcement authority, the ACA directed the Secretary of DHHS to establish a Medicare Self-Referral Disclosure process that enables providers to self-report potential violations of the law and authorizes DHHS to negotiate settlements.49

The strictness of the Stark Law prohibition is mitigated somewhat by its many statutory exceptions. Yet, here too, the law is stricter than the Anti-Kickback Statute: Because no intent must be proven, a violation exists unless all the criteria of an exception are satisfied. Exceptions fall into three categories: (1) general exceptions, including ancillary services provided in a physician’s office (eg, an in-office laboratory), which apply to both ownership and compensation arrangements; (2) exceptions related only to ownership or investment interests, such as the purchase of publicly traded securities or mutual funds on terms that would be available to a layperson; and (3) exceptions related solely to compensation arrangements, many of which resemble the anti-kickback safe harbors for common business practices, such as the rental of office space or personal services arrangements.50 The ACA made two major changes to these exceptions: banning new physician ownership of specialty hospitals after December 31, 2010, and requiring physicians who provide in-office ancillary radiology services to inform patients in writing of unrelated entities that can provide those services.51

Stark Law enforcement has been complicated by the ongoing saga of the implementing regulations. Although the original prohibitions went into effect in 1992, regulations were not finalized until August 1995—3 years later, and 8 months after the expanded Stark II provisions had become effective.52 Additional regulations specific to Stark II were not proposed until January 1998 and were finalized in multiple phases in a convoluted process that took until September 2007—15 years after the first prohibition went into effect.53 This delay generated considerable uncertainty for health-care providers and may have contributed to the relative infrequency of direct enforcement of the prohibition. Although most health-care fraud regulations do not have quite as tortured a history as the Stark Law, clearly the regulatory process can be an imperfect fit in situations where more timely forms of guidance are necessary, such as when liability for health-care fraud is at stake.

Conclusion

The laws that govern health-care fraud are complex and broad, and a finding of liability may have severe repercussions for a physician’s practice, livelihood, and even freedom. Building on the HIPAA model, the recent health-care reform legislation has strengthened the government’s ability to police health-care fraud. The Obama Administration has revitalized the criminal as well as the civil side of health-care fraud enforcement; one analysis found that criminal health-care fraud prosecutions increased 68.9% between fiscal years 2010 and 2011, reaching the highest level in the 20 years such offenses have been tracked.54 Familiarity with the basic health-care fraud prohibitions and a willingness to consult an expert for advice about possible exposure are crucial for physicians in the current health-care environment.

Acknowledgments

Financial/nonfinancial disclosures: The author has reported to CHEST the following conflicts of interest: Dr Krause receives royalties from Wolters Kluwer Law & Business as an author of Health Law & Bioethics: Cases in Context by Johnson SH, Krause JH, Saver RS, and Wilson RF, eds, 2009.

Government Accountability Office. Types of providers involved in Medicare, Medicaid, and the Children’s Health Insurance Program cases. Government Accountability Office website. http://gao.gov/assets/650/647849.pdf. Published September 2012. Accessed April 24, 2013.

Government Accountability Office. Higher use of advanced imaging services by providers who self-refer costing Medicare millions. Government Accountability Office website. http://gao.gov/assets/650/648988.pdf. Published September 2012. Accessed April 24, 2013.

Government Accountability Office. Types of providers involved in Medicare, Medicaid, and the Children’s Health Insurance Program cases. Government Accountability Office website. http://gao.gov/assets/650/647849.pdf. Published September 2012. Accessed April 24, 2013.

Government Accountability Office. Higher use of advanced imaging services by providers who self-refer costing Medicare millions. Government Accountability Office website. http://gao.gov/assets/650/648988.pdf. Published September 2012. Accessed April 24, 2013.

Copyright in the material you requested is held by the American College of Chest Physicians (unless otherwise noted).
This email ability is provided as a courtesy, and by using it you agree that that you are requesting the material
solely for personal, non-commercial use, and that it is subject to the American College of Chest Physicians’ Terms of Use.
The information provided in order to email this topic will not be used to send unsolicited email, nor will it be
furnished to third parties. Please refer to the American College of Chest Physicians’ Privacy Policy for further information.

Forgot your password?

Enter your username and email address. We'll send you a reminder to the email address on record.

Username
(required)

Email Address
(required)

Athens and Shibboleth are access management services that provide single sign-on to protected resources. They replace the multiple user names and passwords necessary to access subscription-based content with a single user name and password that can be entered once per session. It operates independently of a user's location or IP address. If your institution uses Athens or Shibboleth authentication, please contact your site administrator to receive your user name and password.